[Dshield] FAQ Suggestion

Jens Knoell jens at ing.twinwave.net
Sat Aug 31 15:32:07 GMT 2002

From: "David Sentelle" <David.Sentelle at cnbcbank.com>
> How can a network administrator ensure their clients are not using
> loophole software?

Answer: You can't, unless you totally block connections from your network to
the internet. As soon as you have _some_ kind of internet access, you can
use that to tunnel any traffic through it.

What I'd usually recommend in such cases is: Rethink what your network is
supposed to do, and what the clients on that net are supposed to do. Do they
really _all_ need the ability to browse the net? Do they need _any_ net
access at all? If they do, make sure you have someone who does analyze the
logs for any attempts to violate company policy, and deal harshly with any
such attempts. Harshly enough so that the rest of the employees know that
the boundaries are enforced.


